Abstract
We show that fragmented IPv4 and IPv6 traffic is vulnerable to DoS, interception and modification attacks by a blind (spoofing-only) attacker. We demonstrated a weak attacker causing over 94% loss rate and intercepting more than 80% of data between peers. All attacks are practical, and validated experimentally on popular industrial and open-source products, with realistic network setups (involving NAT or tunneling). The interception attack requires a zombie behind the same NAT or tunnel-gateway as the victim destination; the other attacks only require a puppet (adversarial applet/script in sandbox). The complexity of our attacks depends on the predictability of the IP Identifier (ID) field; the attacks are simpler for implementations, e.g. Windows, which use globally-incrementing IP IDs. Most of our effort went into extending the attacks for implementations, e.g. Linux, which use per-destination-incrementing IP IDs.
Original language | English |
---|---|
State | Published - 2011 |
Externally published | Yes |
Event | 5th USENIX Workshop on Offensive Technologies, WOOT 2011 - San Francisco, United States; Duration: 8 Aug 2011 → … |
Conference
Conference | 5th USENIX Workshop on Offensive Technologies, WOOT 2011 |
---|---|
Country/Territory | United States |
City | San Francisco |
Period | 8/08/11 → … |
Bibliographical note
Publisher Copyright: © 2011 USENIX Association. All rights reserved.